watchdog
http://www.zomers.eu/knowledge/pfSense/Pages/Configure-pfSense-2.0-RC1-to-use-Watchdog-functionality.aspx
http://www.tnpi.net/wiki/Soekris_Firewall

Memstick Installer and Serial Console
http://files.pfsense.org/jimp/pfSense-memstick-2.0.1-RELEASE-i386.img.gz

Macbook Pro USB to Serial GUC232A
http://www.oramboston.com/learning-center/blog/bid/75522/Macbook-Pro-USB-to-Serial-GUC232A

Macbook Pro USB to Serial GUC232A

This is a pretty specific post. I've recently purchased an Intel-based 17" MacBook Pro and have an IOGear GUC232A USB to Serial converter I use for my console connections to Cisco routers that I've had a heck of a time getting working. BUT, I've finally conquered it and wanted to write the steps I performed to alleviate the time spent if I have to do this again:

1. Download the LATEST driver from Prolific (http://www.prolific.com.tw/eng/downloads.asp?ID=31 - download the file md_pl2303H_HX_X_dmg_v1.2.1.zip)
2. Run through the install, reboot
3. The Prolific is a generic driver that works with the GUC232A, so you have to tweak it:
   • Plug the GUC232A into any available USB port on your Mac
   • Open the System Profiler, in /Applications -> Utilities
   • Click USB in the Contents pane
   • Select the GUC232A in the Device Tree; usually it will be listed under USB-Serial Controller
   • Remember the ProductID and VendorID, or keep the System Profiler window open
   • Open the Terminal, in /Applications -> Utilities
   • Use the following command to open the Property List of the Prolific driver:
       sudo nano /System/Library/Extensions/ProlificUsbSerial.kext/Contents/Info.plist
   • Enter your admin password when asked. This is necessary because the ProlificUsbSerial kernel extension is owned by root.
   • Scroll down and find the ProductID and VendorID in the plist file
   • Change the ProductID and VendorID to match your GUC232A's ProductID and VendorID
   • The plist file needs the numbers as integer values, but System Profiler reports the numbers as hex. Use the Calculator to convert the numbers. For example, System Profiler reports the Product ID as 0x2008 and the Vendor ID as 0x0557. The integer value of ProductID is 8200 and the integer value of VendorID is 1367
   • Save the changes (Control-W) and quit (Control-X) nano
   • Unplug the GUC232A
   • Use the following command to load the kernel extension:
       sudo kextload /System/Library/Extensions/ProlificUsbSerial.kext
   • Plug the GUC232A into any available USB port on your Mac
   • Access the network properties window (network port configurations) to enable the usbtoserial device it found
   • Perform a ls /dev command - it should show the tty usbserial device

minicom

How to stop Snort alerts from being generated / how to (not) ignore traffic
http://oinkmaster.sourceforge.net/avoiding_snort_alerts.txt

suppress gen_id 111, sig_id 15

The sqlite & MYSQL libraries are built in, just not active. It's already on the box, you just have to enable it. Actually now that I look mysql is there also.

To enable, just do:
Code:
touch /etc/php_dynamodules/pdo
touch /etc/php_dynamodules/pdo_sqlite

AND

Code:
touch /etc/php_dynamodules/mysql

Mobile IPsec on 2.0
http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0

How to set up IPsec tunneling in PfSense 2.0-RELEASE for road warriors
http://dekapitein.vorkbaard.nl/tech-1/how-to-set-up-ipsec-tunneling-in-pfsense-2-0-release-for-road-warriors

pfSense 2.0 RC1 Configure Captive Portal for Guests with Local User Management
http://blog.stefcho.eu/?p=754

OpenVPN with RADIUS authentication on pfSense 2.0 RC1
http://blog.stefcho.eu/?p=545

pfsense 2.0.1 OpenVPN Bridging guide
http://hardforum.com/showthread.php?p=1038226511

Install and Configure pfSense in Your Home Network
http://www.iceflatline.com/2010/08/install-and-configure-pfsense-in-your-home-network/

Linux Wireless Driver Support & Capabilities
http://www.ab9il.net/linuxwireless/wifidrivers2.html

Comparison of open-source wireless drivers
http://en.wikipedia.org/wiki/Comparison_of_open-source_wireless_drivers

FreeBSD Handbook: Chapter 32 Advanced Networking
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html

OpenSoekris
http://opensoekris.sourceforge.net/

Bridging the pfSense 2.x wireless divide
http://blog.qcsitter.com/BSDay/index.php?/archives/2-Bridging-the-pfSense-2.x-wireless-divide.html

OS X Lion as a syslog server
http://wiki.mikrotik.com/wiki/OS_X_Lion_as_a_syslog_server

HowTo Configure Mac OS X Syslog To Forward Data
http://wiki.splunk.com/Community:HowTo_Configure_Mac_OS_X_Syslog_To_Forward_Data

Enable an Apple Mac OS X machine as a syslog server
http://meinit.nl/enable-apple-mac-os-x-machine-syslog-server

10.7: Re-enable syslogd for incoming connections
http://hints.macworld.com/article.php?story=20110724103552640

syslog -w -r host 192.168.3.1
pfsense 2.0 snort 2.9.5 Barnyard2 binary not exist
http://forum.pfsense.org/index.php/topic,42016.0.html

FreeSwitch on PfSense Install
http://doc.pfsense.org/index.php/FreeSWITCH
http://wiki.fusionpbx.com/index.php?title=PfSense_Install
http://wiki.freeswitch.org/wiki/Installation_Guide
http://wiki.freeswitch.org/wiki/Freeswitch_Gui
http://wiki.fusionpbx.com/index.php/PfSense_Install
http://192.168.3.1/fusionpbx
http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#FreeRADIUS_.2B_WLAN_.2B_PEAP_and_MSCHAPv2

pfSense 2.0 Multi-WAN Failover with Clear Wireless Internet
http://www.bunkerhollow.com/blogs/matt/archive/2011/07/27/pfsense-2-0-multi-wan-failover-with-clear-wireless-internet.aspx

Our office has a fast internet connection but they charge for bandwidth overages and no matter what we do, we can’t seem to stay within our plan’s limits. These charges would amount to over $200/month, and with new hires on the way we decided it was time to fix the problem. We figured if we could find a solid WiMAX connection with an unlimited plan we could use that as our primary connection and save even more by dropping our office’s plan to the lowest tier.

Requirements
• Speed – reasonable browsing & web development speed for 5-10 employees. Large file transfers or even video streaming isn’t much of a concern, but employees shouldn’t notice a difference with everyday work.
• Connection Strength – We’re on the top (11th) floor of a Manhattan office building, we have skylights, and our cell phone service is decent, but there’s no way to know if 4G will even work until we give it a try.
• Failover – When the wireless connection fails or is flaky, which it will inevitably be at times, we want a seamless failover to our office connection as backup. Ideally, this won’t require any special configuration on the client machines.
• Unchanged Incoming Connections – Our bandwidth problem is with our outgoing traffic only. We don’t want to change any of our NAT/firewall rules for incoming traffic, that should remain incoming over our office plan.

Network Layout
• Firewall/Router – Our existing Netgate Hamakua running pfSense 2.0 RC3.
• WAN Connection 1 – Our existing office connection is the first of our multi-WAN configuration. We will configure this connection as backup.
• WAN Connection 2 – Clear Wireless (http://clearwirelessinternet.com) seemed to have the lowest prices, and they have a store just a few blocks away at 17th and Broadway. We picked up a 4G unit with unlimited bandwidth for $35/month.
• LAN – Consists of several hardwired Windows workstations.

pfSense Configuration
1. System –> Routing –> Gateways tab
   Add gateway for new WAN interface and ensure neither gateway is set as default.
2. Interfaces –> OPT1
   Configure our new WAN interface (connected to our Clear 4G unit).
3. System –> Routing –> Groups –> Add Group
   Create a Gateway Group for Multi-WAN failover.
4. Firewall –> Rules –> LAN tab –> Edit Default LAN Rule –> Advanced Features –> Gateway –> MULTIWAN
   Add the new Gateway Group to the default LAN rule that allows all traffic out.
5. Done!

Clear Wireless Review

So now that we’ve had our 4G failover configured for a few days, let’s take a look at the results.
• Speed Test – pretty good results for $35 a month. Our 6 users hardly notice any difference in their day-to-day browsing.
• Multi-WAN Traffic Graphs – The two graphs below represent the traffic over our office WAN (top) and Clear Wireless WAN (bottom). You can see the switchover occurred on Wednesday, and since, not a single packet has traveled over the office network. That’s 6GB of data in only 3 days that won’t be factored in to our office bandwidth. I think lowering our office plan to the bottom tier is a real possibility.
• Packet Loss Quality – I’m happy to report 0 packet loss and < 20ms delay over Clear Wireless so far! (The packet loss that occurred on Wednesday was our failover testing by unplugging the Clear unit).

----

pfSense 2.0 RC1 configuration of OpenVPN Server for Road Warrior with TLS and User Authentication
http://blog.stefcho.eu/?p=492

How do I use a router with the Westell 6100?
http://members.verizon.net/~res08lyg/6100.htm
you will most likely need to get the MAC address of the 6100 and clone that to your router.
http://www.dslreports.com/faq/13600

How do I use a router with the Westell 6100?

The 6100 is a modem/router combination unit, meaning it contains a DSL modem and a general purpose NAT (Network Address Translation) router. "Bridging" means disabling both the public and private side of the NAT router, thereby turning the 6100 into a simple DSL-to-Ethernet bridge, or "dumb modem".

If you are already using a router, or want to, (examples: if you already have your LAN set up and simply need to connect it to the internet or you want to add wireless connectivity to your connection or you want to use an optimised-for-gaming router or you want to add a VoIP router), you will want to bridge the 6100.

For optimum performance and reliability the connection should only be going through one NAT router. When the connection goes through multiple NAT routers, troubles like NAT conflicts will cause router lock ups and loss of connectivity, and configuring access for things like game consoles, VPN tunnels, remote access, server applications, security cameras, or high-end multiplayer games will be difficult if not impossible.

Virtually all Westells with a GUI used the white & blue "Westell" branded firmware until sometime in 2007. I believe version 4 was the last white & blue firmware. The red & black "Verizon" branded firmware was rolled out in 2007. You may be running version 5 or 6.

When the Westell is bridged, it will have no router functions at all, no subnet, no IP, and no default gateway. The router connected to the Westell will acquire and hold the Public IP address and will determine the LAN IP addresses and subnet.

The Westell 6100 modem/router supplied by Verizon can be used in either Router or Bridge mode. If you are already using a router, or want to, you need to put the modem in Bridge mode or you'll have problems. These instructions apply to the Westell 2200, 6100, 6100F, 327W, and 7500 models.

• You should follow these instructions with one PC connected to the Westell using the supplied Ethernet cable (CAT5 or CAT5e) and that you are online and able to browse to various web sites. If you already had a LAN setup and were online but needed to replace your modem, temporarily connect one PC directly to the Westell using the supplied Ethernet cable before continuing.
• Temporarily turn off all firewalls and pop-up blockers on the PC.
• In your browser's address box, type 192.168.1.1 to access the Modem Configuration utility. When asked for user name and password, enter your router's username and password (the default for the Verizon issued routers is typically "user=admin, password=password").
• Here you may get a screen titled User Settings, this is asking you to change the username and password for the Westell, invent and enter a username and a password, (record these somewhere so you don't forget them).

If your Westell uses the white and blue Westell firmware:
• Now, from the Configuration menu, choose VC configuration, hit the top Edit button. In the popup, set protocol to Bridge.
• Then below in VC 1 Bridge Settings set the mode to Bridge Early 6100
• Hit Set VC. Save.
• Then, again in the Configuration menu, select DHCP Configuration and set the dropdown to OFF. Hit save and log off the utility.
• Most people don't need any more complex procedures, so try these first. However, on occasion, you will need some additional steps, including cloning MAC addresses. If you have trouble, check out the diagrams and instructions here: »mysite.ncnetwork.net/res08lyg/6100.htm

If your Westell uses the red and black Verizon firmware:
(Wireless Settings won't be there on the 6100 or 6100F, the left panel may be called "My Modem")
• Select the My Network icon, then select Network Connections from the left menu.
(Only the top two connections will be listed in the 6100 and 6100F)
• On the Broadband Connection screen click on the words "(Broadband Connection DSL)".
• PPPoE customers will see this screen. If you use a DHCP type Internet connection the screen will be different, you will have a "release" button in the top section - use it now to release your public IP. Then, locate the VCs section, locate the line " Enabled, VPI 0, and VCI 35 ..." and click the notepad icon under Edit on the right to get to the VC 1 Configuration screen.
• In the VC 1 Configuration screen open the drop down box beside "Protocol" and choose "Bridge". If your connection type is DHCP the Protocol should already be "Bridge". Once Bridge is chosen, the screen will change – open the drop down box beside "Bridge Mode" and choose "Bridge", then click the Apply button at the bottom. This has disabled the Public side of the 6100's router.
• The modem will reset. Next you need to disable the Private side, the DHCP server - click the My Network icon again, click Network Connections from the left menu again. On the Broadband Connection screen, click the word "Lan", on the next screen remove the topmost checkmark (Private LAN DHCP Server enable), click apply or save settings.
• The same page will return. The Westell is now bridged, the Internet light will no longer light, log off the utility.

Back to common steps:
• Power down and disconnect the PC from the Westell.
• Connect the Ethernet cable from the Westell to the port on your router labeled WAN, (or Internet). Connect an Ethernet cable from one of the LAN ports of your router to your PC. Power up the Westell, wait for the DSL light to stop blinking then power up your router, then the PC. When the PC boots up your firewalls and pop-up blockers may be re-enabled, it may be necessary to turn them off again.
• Skip this next step if you've already been using your router to supply PPPoE with your username and password.
• If your router came with a setup disk insert it now, otherwise open a web browser and access the Router's GUI, usually at 192.168.0.1, or 192.168.1.1, or 192.168.2.1. If the router has a Setup Wizard use it, otherwise manually configure the router for your Internet connection type. (Note: most routers default to "Automatic" which is DHCP). If you connect via PPPoE you will need to supply your Verizon Username and Password so the router can acquire a Public IP address, if you connect via DHCP you may also need to use the router's MAC cloning feature, enter the MAC address from the Westell's label and your router will use it to acquire a Public IP address.
• Test that you can browse to some safe web pages, then turn your firewalls and pop-up blockers back on.

System: Advanced: Admin Access